Commits on Apr 22, 2016
  1. Merge pull request #909 from dberkowitz/patch-1

    Make syntax compatible with PHP version < 5.3
    
    Reviewed-By: Jared Hancock <jared@osticket.com>
    greezybacon committed Apr 22, 2016
Commits on Jun 24, 2015
  1. oops: Bad backport

    Remove unsupported translate call
    greezybacon committed Jun 24, 2015
Commits on Apr 2, 2015
Commits on Mar 31, 2015
  1. thread: Defer loading email header information

    The %ticket_email_info table needs an index on thread_id. This is done in
    the `develop-next` branch; however, this patch helps alleviate performance
    issues on the main branch until the `develop-next` branch is collapsed for
    main line development.
    greezybacon committed Mar 25, 2015
  2. alerts: Consider "alert assigned on new message"

    When sending alerts to agents, consider the setting of the new message alert
    configuration.
    greezybacon committed Mar 17, 2015
  3. filter: Trim match values when saving rules

    This will help when saving rules with trailing spaces for instance, which
    may make things not match when visually the administrator would otherwise
    expect the filter to match.
    greezybacon committed Mar 16, 2015
Commits on Mar 10, 2015
  1. oops: Fix bad merge

    greezybacon committed Mar 10, 2015
  2. Fix very predictable random data on some platforms

    Misc::randCode does not generate significantly random data for Windows
    platforms with a local database. This stems from the random seed using the
    milliseconds from the current time of day and the database connection time,
    in microseconds. Because Windows has especially poor sub-second time
    resolution via the microtime() function, the seed does not have many
    variations.
    
    This patch addresses the issue by using the included Crypto::random()
    function as a source of random data rather than the mt_rand() function, as
    it uses native cryptographic random data generators if possible to generate
    the data, and uses microtime() as a fallback if no other source of random
    data is available on the platform.
    greezybacon committed Jan 13, 2015
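
Why a clock-derived seed makes codes predictable, as an added PHP 7+ illustration that is not osTicket code: every function name here is hypothetical, the 15625 µs timer tick is an assumed figure for a coarse clock, and the connection-time term of the seed is left out.

```php
<?php
// Added illustration, not osTicket code. All names are hypothetical.

const ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';

// Weak pattern: every character comes from mt_rand(), so the whole code is a
// pure function of the seed. Same seed in, same code out.
function code_from_seed(int $seed, int $len): string {
    mt_srand($seed);
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= ALPHABET[mt_rand(0, strlen(ALPHABET) - 1)];
    }
    return $out;
}

// How many distinct millisecond readings can a clock that only advances every
// $tick_us microseconds report within one second? This bounds the time-of-day
// part of the seed.
function distinct_ms_readings(int $tick_us): int {
    $seen = [];
    for ($t = 0; $t < 1000000; $t += $tick_us) {
        $seen[intdiv($t, 1000)] = true;
    }
    return count($seen);
}

// Hardened pattern: random_int() draws from the OS CSPRNG and throws if none
// is available, so this example never downgrades to a clock-based value.
function code_from_csprng(int $len): string {
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= ALPHABET[random_int(0, strlen(ALPHABET) - 1)];
    }
    return $out;
}

// Reseeding with the same value reproduces the same code.
var_dump(code_from_seed(42, 8) === code_from_seed(42, 8));
printf("1 us tick: %d distinct ms readings\n", distinct_ms_readings(1));
printf("15625 us tick (assumed): %d distinct ms readings\n", distinct_ms_readings(15625));
echo code_from_csprng(8), "\n";
```
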
  3. login: Require CSRF token to login

    This patch fixes a vulnerable scenario, where sequential login attempts can
    be made without an existing session, and without a valid CSRF token. This
    scenario lends itself well to brute force password attempts, because
    attackers can avoid using a session and still send requests to determine if
    a set of credentials is valid. This vector also avoids the authentication
    lockout mechanism, because it requires an ongoing session to shut down the
    requests.
    
    This patch addresses the issue by requiring a session and a valid CSRF token
    generated by the server and placed in the session to be submitted with the
    credentials. Therefore, an existing session and a Cookie header are required
    to process a login attempt. Secondly, the CSRF token will be changed on the
    server after each login is processed. Therefore, for each session, a subsequent
    GET request would be necessary before submitting another login attempt.
    greezybacon committed Feb 11, 2015
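
The login flow described in the "login: Require CSRF token to login" commit, modelled as an added PHP 7+ example that is not osTicket code: the in-memory session store, the function names and the lockout threshold of 3 are assumptions, and the user record is constructed sample data.

```php
<?php
// Added illustration, not osTicket code. Names and stores are hypothetical.

const MAX_FAILURES = 3; // assumed lockout threshold

// Issued on GET of the login form: creates the session and its CSRF token.
function start_session(array &$sessions): string {
    $sid = bin2hex(random_bytes(16));
    $sessions[$sid] = ['csrf' => bin2hex(random_bytes(16)), 'failures' => 0];
    return $sid;
}

// Handles a POST of credentials. $sid is the Cookie value, $token the form field.
function process_login(array &$sessions, array $users, ?string $sid,
                       ?string $token, string $user, string $pass): string {
    // 1. No session cookie, or an unknown one: credentials are never evaluated.
    if ($sid === null || !isset($sessions[$sid])) {
        return 'rejected: no session';
    }
    $s = &$sessions[$sid];
    // 2. Token must match the one stored server-side (constant-time compare).
    if ($token === null || !hash_equals($s['csrf'], $token)) {
        return 'rejected: bad csrf token';
    }
    // 3. Rotate the token, so another attempt needs a fresh GET first.
    $s['csrf'] = bin2hex(random_bytes(16));
    // 4. Lockout state lives in the session the client is now forced to keep.
    if ($s['failures'] >= MAX_FAILURES) {
        return 'rejected: locked out';
    }
    if (isset($users[$user]) && password_verify($pass, $users[$user])) {
        $s['failures'] = 0;
        return 'ok';
    }
    $s['failures']++;
    return 'failed';
}

// Constructed sample data.
$users = ['agent' => password_hash('correct horse', PASSWORD_DEFAULT)];
$sessions = [];
$sid = start_session($sessions);
$tok = $sessions[$sid]['csrf'];

echo process_login($sessions, $users, null, $tok, 'agent', 'guess'), "\n"; // no cookie sent
echo process_login($sessions, $users, $sid, $tok, 'agent', 'guess'), "\n"; // processed, token rotated
echo process_login($sessions, $users, $sid, $tok, 'agent', 'guess'), "\n"; // old token reused
echo process_login($sessions, $users, $sid, $sessions[$sid]['csrf'], 'agent', 'correct horse'), "\n";
```
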
Commits on Jan 7, 2015
Commits on Jan 6, 2015
  1. oops: Fix advanced search regression from fcb34cfb

    Don't add to endTime if not already set
    greezybacon committed Jan 6, 2015
Commits on Jan 5, 2015
  1. lock: Set ticket lock on ticket-view

    Since the automatic lock was being acquired but not passed to the autoLock
    system, the automatically acquired lock was not being released on away
    navigation.
    
    This patch addresses the issue by passing the automatically acquired lock id
    to the autoLock system on ticket-view page load and changing the ::Init()
    method so that the lock id is not cleared when the ::Init() method is called
    by the page load.
    greezybacon committed Dec 16, 2014
Commits on Jan 1, 2015
  1. ticket: No team alert on new ticket if assigned to an agent too

    If a new ticket is assigned to both an individual agent and a team, do not
    send the email alert to the team lead or the team members.
    greezybacon committed Dec 31, 2014
  2. filters: Fix several small, major issues

      * Fix early rejecting of tickets — even if a filter earlier in the
        matching filter list had "stop on match" set
      * Fix ::stopOnMatch referring to incorrect db field
    
    The new logic abandons the early rejection logic in ticket create. Instead,
    the normal validation is completed as usual. Thereafter, the filter is
    initialized and applied to the ticket. Upon rejection, a RejectedException
    is thrown by the ::apply() method of the TicketFilter. The Ticket::create()
    method will handle the exception and reject the ticket.
    greezybacon committed Dec 30, 2014
  3. oops: Remove the `?:` operator

    as it is not supported until PHP 5.3.
    
    Fixes #896
    greezybacon committed Jan 1, 2015
Commits on Oct 13, 2014
  1. Add release notes for 1.7.11

    greezybacon committed Oct 13, 2014
  2. email: Add MAIL_EOL setting to ost-config.php file

    This setting allows administrators to add (uncomment) a MAIL_EOL setting in
    the ost-config.php config file to define the line ending used for mail
    headers and encoded bodies in outbound mail (SMTP, for instance).
    
    By default, CRLF is used by the SMTP email generator as per the RFC 822
    standard. However, many administrators can benefit by setting LF (\n) as the
    line ending.
    greezybacon committed Sep 8, 2014
Commits on Aug 1, 2014
  1. email: No bounces for system alerts

    Send an empty return-path envelope when sending out system alerts. If they
    should happen to bounce for any reason, they should not return to the system
    and create tickets.
    greezybacon committed Jul 18, 2014
  2. session: Override PHP default for session lifetime

    The PHP.ini default is 1440 seconds (24 minutes). This should be configured
    to something significantly higher so that the settings in the admin panel
    concerning session timeouts are relevant.
    
    Ideally, the settings from the control panel would be used, but currently
    there is an inter-dependency between session and config startups.
    greezybacon committed Jul 18, 2014
Commits on Jun 18, 2014
  1. Add release notes for 1.7.9

    greezybacon committed Jun 18, 2014